Tuesday, April 25, 2006

Windows Small Business Server 2003 Migration

This weekend I, along with a couple of coworkers, performed a migration of a customer's network from Windows 2000 server to Windows Small Business Server 2003. I didn't realize it would be so complicated at first, but SBS 2003 wants to be the Primary Domain Controller. I thought PDC's were out the door since Windows NT. So instead of just installing a new server in the environment and promoting it to domain controller status, we needed to create a whole new network. SBS' features are cool and cheap, but are they worth the price? In my test network of the migration I ran into a few false starts, but the migration went as planned.
During our actual migration things didn't go quite so smoothly, but nothing disastrous. First we needed to demote one of the current Domain Controllers so I could be migrated to the new network. Upon demotion we had our first casualty, ePolicy Orchestrator. ePO was running on MSDE but it could no longer read from the database. It gave suggestions to log in as the local administrator, but that didn't help. We decided to scrap it and install it fresh on the new server. Besides McAfee had updated the software since it was initially installed.
Users and groups migrated just as they should've. The computers were giving us some trouble, but I think it was because we had to wait for DNS to update all the computers. For the most part all computers migrated with only two needing to be done manually.
Exchange was the easiest part of the migration, although I wish the migration tool included public folders (there were so many of them!). We started the migration and left for the weekend. I think that it took at least 16 hours to complete. It took 30 minutes to bring over 8,000 messages and we knew it was time to leave it alone.
Monday morning, preparing for the users: Exchange Migration 0 errors! However the discovery of our biggest headache: Roaming Profiles. It started with the server that roaming profiles was stored on. The permissions to the drive they were on didn't migrate over, so I had to take ownership of the drive and files. This created a bigger problem, Administrator was the owner of the network file and not it's respective owners. We did not know this was the problem for a long time. Every time the user would log she would get an error saying that the roaming profile could not be loaded and that a local copy would be used. I found that it was also creating an event log application error: userenv 1000. Upon research we found there was a solution. Lo and behold, Group Policy could solve our ails. What was the group policy setting?
Computer Configuration > Administrative Templates > System > User Profiles > Do not check for user ownership of Roaming Profile Folders = Enabled

After solving that problem the rest was downhill. All the clients' Line of Business Applications worked as normal with little quirks and hickups.

No comments: